Control: tags -1 pending patch
Control: severity -1 important
On 2015-04-18 Andreas Metzler ametz...@bebt.de wrote:
Package: freetds
[...]
the package FTBFS against the recently released GnuTLS 3.4.0:
[...]
Hello,
I have just uploaded a NMU with these changes to delayed/15:
* Use gnutls_priority_set_direct with a priority string of NORMAL:%COMPAT
instead of deprecated gnutls_{cipher,kx,...}_set_priority functions. This
uses the same priority string as 7ca9321ff440814581a8ec87984f7d76f8cc105e
from upstream GIT, except for not disabling SSL3.0 since Debian's GnuTLS
does not enable SSL3 by default. Closes: #782818
Please tell me if I should delay further.
Thanks, cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -u freetds-0.91/debian/changelog freetds-0.91/debian/changelog
--- freetds-0.91/debian/changelog
+++ freetds-0.91/debian/changelog
@@ -1,3 +1,14 @@
+freetds (0.91-6.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Use gnutls_priority_set_direct with a priority string of NORMAL:%COMPAT
+instead of deprecated gnutls_{cipher,kx,...}_set_priority functions. This
+uses the same priority string as 7ca9321ff440814581a8ec87984f7d76f8cc105e
+from upstream GIT, except for not disabling SSL3.0 since Debian's GnuTLS
+does not enable SSL3 by default. Closes: #782818
+
+ -- Andreas Metzler ametz...@debian.org Sun, 26 Jul 2015 18:06:25 +0200
+
freetds (0.91-6) unstable; urgency=low
* Build against libgnutls28, now that license compatibility issues
diff -u freetds-0.91/src/tds/net.c freetds-0.91/src/tds/net.c
--- freetds-0.91/src/tds/net.c
+++ freetds-0.91/src/tds/net.c
@@ -1282,25 +1282,6 @@
{
gnutls_session session;
gnutls_certificate_credentials xcred;
-
- static const int kx_priority[] = {
- GNUTLS_KX_RSA_EXPORT,
- GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA,
- 0
- };
- static const int cipher_priority[] = {
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128,
-#if 0
- GNUTLS_CIPHER_ARCFOUR_40,
- GNUTLS_CIPHER_DES_CBC,
-#endif
- 0
- };
- static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 };
- static const int mac_priority[] = {
- GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0
- };
int ret;
const char *tls_msg;
@@ -1340,10 +1321,9 @@
gnutls_set_default_priority(session);
/* ... but overwrite some */
- gnutls_cipher_set_priority(session, cipher_priority);
- gnutls_compression_set_priority(session, comp_priority);
- gnutls_kx_set_priority(session, kx_priority);
- gnutls_mac_set_priority(session, mac_priority);
+ ret = gnutls_priority_set_direct (session,
+NORMAL:%COMPAT, NULL);
+
/* mssql does not like padding too much */
#ifdef HAVE_GNUTLS_RECORD_DISABLE_PADDING
gnutls_record_disable_padding(session);
signature.asc
Description: Digital signature